cve 2025 40206

About this tag
The tag cve 2025 40206 covers a Linux kernel vulnerability in the netfilter nftables subsystem. The flaw involves improper validation of objref and objrefmap expressions, allowing a rule referencing a synproxy stateful object from the OUTPUT hook to trigger infinite recursion and a stack-guard crash. The fix adds proper validation to prevent this crash. This tag is relevant for Linux system administrators and security professionals monitoring kernel vulnerabilities.
  1. CVE-2025-40206: nftables objref Validation Fix Prevents OUTPUT Recursion Crash (Linux Kernel)

    A recently disclosed Linux-kernel vulnerability in the netfilter nftables subsystem can cause a kernel crash when a rule references certain stateful objects from the OUTPUT hook; maintainers fixed the defect by adding proper validation for objref and objrefmap expressions so that referencing a...